Skip to main content
SpringerLink
Log in
Book cover

EU Legal Framework for Safeguarding Air Passenger Rights pp 99–138Cite as

The Protection of the Right to Privacy in the Context of Security and Commercial Practices

  • Chapter
  • First Online:

  • 916 Accesses

Abstract

This chapter focuses on the protection of the right to privacy in the context of security and commercial practices. With regard to security, it analyses the guidelines adopted to ensure respect of the fundamental rights of persons and the right to privacy concerning the rules that must be followed by Member States in the creation of adequate systems for the transfer, storage and protection of personal data provided by passengers when travelling. It also describes the international agreements signed by the European Union with third countries, in particular the USA, Canada and Australia on the transfer of PNR data between the two parties.

With regard to commercial practices, the chapter deals with the consumers’ limited access to information on fares and rates and on conditions of carriage (vertical opacity) and the solutions adopted. It focuses on the adoption of Regulation (EEC) No 2409/92, repealed by Regulation (EC) No 1008/2008, which fixes the criteria and procedures to be followed for determining passenger and cargo fares and rates for air services provided within the European Union. It also examines in detail the matter of optional price supplements and Computerized Reservation Systems.

Finally, the chapter focuses on the negative impact that commercial alliances and agreements such as ‘code sharing’ may sometimes have on the safety of air transport and the safeguard of passenger rights, because passengers may experience uncertainty and confusion as to the identity of the carrier that will effectively provide the service. It explains how international and European legislation has reacted to this phenomenon.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    On this point, see Chap. 3, Sect. 3.3.

  2. 2.

    On this point, see Chap. 3, Sect. 3.3.1.

  3. 3.

    In the beginning, the use of PNRs was conceived to allow air carriers to exchange information on personal data acquired upon booking from those passengers who might have had to use flights from different airlines to reach their final destination.

  4. 4.

    These data are not to be confused with API (advance passenger information), obtained by optically reading passports. API data are also distinguishable from PNR data for the purposes of their collection and use. The former are, in fact, mainly used as identity control tools, in the monitoring of and processing accesses to frontiers. The latter are used for the prevention of terrorist acts and other serious crimes. Because of the great number of elements present in the latter, the use they may be put to varies according to necessity. PNR may thus be used both for investigations and in criminal proceedings (reactively), and the prevention of crimes (by their use in real time), and for the study and analysis of trends, to create general movement and behaviour models of subjects (from a proactive point of view).

  5. 5.

    ICAO, Circular 309, Guidelines on Passenger Name Record (PNR) data, 2006.

  6. 6.

    See ICAO working paper, High-Level Conference on Aviation Security (HLCAS), 12–14 September 2012, Montreal, available at www.icao.int.

  7. 7.

    Communication from the Commission to the Council and the Parliament—Transfer of Air Passenger Name Record (PNR) Data: A Global EU Approach, COM(2003) 826.

  8. 8.

    These categories are laid down by Article 8 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJEC L 281, 23.11.1995, p. 31.

  9. 9.

    Communication from the Commission on the global approach to transfers of Passenger Name Record (PNR) data to third countries COM(2010) 492 final.

  10. 10.

    Article 8 of the European Convention of Human Rights (Right to respect for private and family life) provides that: ‘(1) Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others’.

  11. 11.

    Article 7 of the Charter of Fundamental Rights of the European Union (Respect for private and family life) provides that: ‘Everyone has the right to respect for his or her private and family life, home and communications’.

  12. 12.

    Article 8 of the Charter of Fundamental Rights of the European Union (Protection of personal data) provides that: ‘(1) Everyone has the right to the protection of personal data concerning him or her. (2) Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified. (3) Compliance with these rules shall be subject to control by an independent authority’.

  13. 13.

    In this case, too, adequate guarantees on the levels of protection must be provided; the purpose for which they are to be used must be limited to those of the original transfer, and data transmission must not be by blocks but on a case-by-case basis.

  14. 14.

    The Commission, in this regard, states that: ‘reciprocity should be ensured, especially through the transfer of analytical information flowing from PNR data by competent authorities of the receiving third country to police and judicial authorities of the Member States, as well as to Europol and Eurojust’. See COM(2010) 492 final, p. 10.

  15. 15.

    Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, COM(2011) 32. This was the second Proposal from the Commission. A first Proposal had been presented in November 2007, COM(2007) 654 final. However, since the Council had not adopted it at the moment of the entry into force of the Treaty of Lisbon, it became obsolete. The Commission then presented a new Proposal in 2011, pursuant to the TFEU. On 25 March 2011, the European Data Protection Supervisor expressed an opinion on this Proposal (Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime, OJEU C 181, 22.6.2011, p. 24). The Supervisor, while acknowledging the tangible improvements compared to the 2007 Proposal, in particular to its scope of application, stressed that the use of PNR data for the purpose of fighting crime should always be on a case-by-case basis or when faced with a threat established by concrete indicators, because the scale of information exchanged could not be justified by intelligence purposes for large-scale PNR data processing. The European Economic and Social Committee, expressing an opinion on the Proposal of 5 May 2011 (Opinion of the European Economic and Social Committee on the ‘Proposal for a Directive of the European Parliament and of the Council on the use of Passenger Name Record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime’, COM(2011) 32 final—2011/0023 (COD), OJEU C 218, 23.7.2011, p. 107), although welcoming the Proposal, voiced its concern on the recurring choice between security and fundamental freedoms. It expressed a reservation that stepping up security was at the expense of citizens’ rights, with regard to personal data, and fundamental personal rights. The Committee wholly shares the position of the European Data Protection Supervisor. The Commission Proposal is, to date, still under discussion.

  16. 16.

    Article 3 of Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data, OJEC L 61, 6.8.2004, p. 24. See the Directive’s definition of ‘personal data’, under Article 2, which simply expressly refers to the one in Article 2 of Directive 95/46/EC, cit.

  17. 17.

    Article 4 of Directive 2004/82/EC simply fixes the minimum amount of no less than EUR 3,000, and the maximum amount of less than EUR 5,000, for each journey for which passenger data were not communicated or were communicated incorrectly, with no sanction provided for in the case of their not being cancelled.

  18. 18.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, cit.

  19. 19.

    Council Directive 2001/51/EC of 28 June 2001 supplementing the provisions of Article 26 of the Convention implementing the Schengen Agreement of 14 June 1985, OJEC L 187, 10.7.2001, p. 45.

  20. 20.

    Council Decision 2004/496/EC of 17 May 2004 on the conclusion of an Agreement between the European Community and the United States of America on the processing and transfer of PNR data by Air Carriers to the United States Department of Homeland Security, Bureau of Customs and Border Protection, OJEC L 183, 20.5.2004, p. 83.

  21. 21.

    Commission Decision 2004/535/EC of 14 May 2004 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the United States’ Bureau of Customs and Border Protection, OJEC L 235, 6.7.2004, p. 11.

  22. 22.

    Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJEC L 281, 23.11.1995, p. 31, as amended by Regulation (EC) No 1882/2003 of the European Parliament and of the Council of 29 September 2003 adapting to Council Decision 1999/468/EC the provisions relating to committees which assist the Commission in the exercise of its implementing powers laid down in instruments subject to the procedure referred to in Article 251 of the EC Treaty, OJEC L 284, 31.10.2003, p. 1.

  23. 23.

    Judgment in Joined Cases C-317/04 and C-318/04 European Parliament v Council of the European Union and Commission of the European Communities [2006] ECR I-2467.

  24. 24.

    See the judgment in Case C-101/01 Lindqvist [2003] ECR I-12971.

  25. 25.

    See the judgment in Case C-176/03 Commission v Council [2005] ECR I-7879.

  26. 26.

    Letter to the Council Presidency and the Commission from the Department of Homeland Security (DHS) of the United States of America, concerning the interpretation of certain provisions of the undertakings issued by DHS on 11 May 2004 in connection with the transfer by air carriers of passenger name record (PNR) data, OJEC C 259, 27.10.2006, p. 1

  27. 27.

    Council Decision 2006/729/CFSP/JHA of 16 October 2006 on the signing, on behalf of the European Union, of an Agreement between the European Union and the United States of America on the processing and transfer of passenger name record (PNR) data by air carriers to the United States Department of Homeland Security of 16 October 2006, OJEC L 298, 27.10.2006, p. 27.

  28. 28.

    Council Decision 2007/551/CFSP/JHA of 23 July 2007 on the signing, on behalf of the European Union, of an Agreement between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement), OJEC L 204, 4.8.2007, p. 16.

  29. 29.

    European Parliament Resolution of 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada, OJEU C 81E, 15.3.2011, p. 70.

  30. 30.

    Council Decision 2012/472/EU of 13 December 2011 on the signing, on behalf of the Union, of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security, OJEU L 215, 11.8.2012, p. 1.

  31. 31.

    Council Decision 2012/472/EU of 26 April 2012 on the conclusion of the Agreement between the United States of America and the European Union on the use and transfer of passenger name records to the United States Department of Homeland Security, OJEU L 215, 11.8.2012, p. 4. The Agreement will remain in force for 7 years, is renewable, and has superseded the previous one of July 2007. See declaration by EU Commissioner Malmström on the European Parliament plenary vote on the Passenger Name Record (PNR) Agreement with the United States of America, of 19 April 2012, MEMO/12/259: ‘This is an agreement the three EU institutions can be proud of: it provides stronger protection of EU citizens’ right to privacy and more legal certainty for air carriers than the existing EU–U.S. PNR Agreement from 2007. At the same time, it fully meets the security needs of the United States of America and the EU. Under the new agreement, data of passengers travelling to the United States of America will be used to fight serious transnational crime and terrorism. It will be made anonymous 6 months after a passengers’ flight. EU citizens will be informed about the use of their data, and will be able to access and request the correction or deletion of their PNR data. The new agreement is a substantial improvement on the existing Agreement from 2007, and I am pleased that the European Parliament has recognized this today’.

  32. 32.

    See ‘Information concerning the date of entry into force of the Agreement between the United States of America and the European Union on the use and transfer of passenger name records to the United States Department of Homeland Security’, OJEU L 174, 4.7.2012, p. 1.

  33. 33.

    Freedom Information Act of 4 July 1966. For more information, see http://www.foia.gov/index.html.

  34. 34.

    The European Data Protection Supervisor (EDPS), created in 2001, has the primary objective to ensure that European institutions and bodies respect the right to privacy and data protection when they process personal data and develop new policies.

  35. 35.

    Opinion of the European Data Protection Supervisor on the Proposal for a Council Decision on the conclusion of the Agreement between the United States of America and the European Union on the use and transfer of Passenger Name Records to the United States Department of Homeland Security, OJEU C 35, 9.2.2012, p. 16.

  36. 36.

    Council Decision 2008/651/CFSP/JHA of 30 June 2008 on the signing, on behalf of the European Union, of an Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian Customs Service, OJEC 213, 8.8.2008, p. 47.

  37. 37.

    Evaluation of the Australia–EU PNR agreement, P6_TA(2008)0512. European Parliament recommendation of 22 October 2008 to the Council concerning the conclusion of the Agreement between the European Union and Australia on the processing and transfer of European Union-sourced passenger name record (PNR) data by air carriers to the Australian customs service (2008/2187(INI)), OJEU C 15E, 21.1.2010, p. 46.

  38. 38.

    European Parliament Resolution of 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada, OJEU C 81E, 15.3.2011, p. 70.

  39. 39.

    EU external strategy on Passenger Name Record (PNR), P7_TA(2010)0397. European Parliament Resolution of 11 November 2010 on the global approach to transfers of passenger name record (PNR) data to third countries, and on the recommendations from the Commission to the Council to authorise the opening of negotiations between the European Union and Australia, Canada and the United States, OJEU C 74E, 13.3.2012, p. 8.

  40. 40.

    See the provisions on Common Foreign and Security Policy (CFSP), in Title V of the TEU.

  41. 41.

    Communication from the Commission on the global approach to transfers of Passenger Name Record (PNR) data to third countries, COM(2010) 492 final, cit.

  42. 42.

    Council Decision 2012/380/EU of 22 September 2011 on the signing, on behalf of the Union, of the Agreement between the European Union and Australia on the processing and transfer of passenger name record (PNR) data by air carriers to the Australian Customs and Border Protection Service, OJEU L 186, 14.7.2012, p. 2.

  43. 43.

    Council Decision 2012/381/EU of 13 December 2011 on the conclusion of the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service, OJEU L 186, 14.7.2012, p. 3.

  44. 44.

    EU–Australia agreement on the processing and transfer of PNR data, P7_TA(2011) 470. European Parliament legislative Resolution of 27 October 2011 on the draft Council decision on the conclusion of the Agreement between the European Union and Australia on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the Australian Customs and Border Protection Service (09825/2011-C7-0304/2011-2011/0126(NLE)), OJEU C 131 E, 8.5.2013, p. 274.

  45. 45.

    Unlike the provisions of the United States Agreement, which enables the United States to collect and use PNR data to prevent, detect, investigate and prosecute offences punishable with no less than 3 years’ imprisonment and of a transnational nature, Article 3(3) provides that serious transnational crimes means ‘offence punishable in Australia by a custodial sentence or a detention order for a maximum period of at least 4 years or a more serious penalty and as it is defined by the Australian law, if the crime is transnational in nature’. The same provision was repeated in Article 3.3 of the Proposal for a Council Decision on the conclusion of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data, COM(2013) 528 final of 18 July 2013. This Proposal will be treated in detail in the next Section.

  46. 46.

    The Privacy Act 1988 (Privacy Act) is an Australian law that regulates the handling of personal information about individuals. In particular, Section 14 of the Act lays down the 11 Information Privacy Principles (IPPs) that must be respected in the processing of personal data. For more information, see http://www.oaic.gov.au/privacy/privacy-act/the-privacy-act.

  47. 47.

    Article 6 of the Agreement between the EU and the United States initiated on 17 November 2011 provides that sensitive data be permanently deleted not later than 30 days from the last receipt of PNR containing such data by DHS (with the exception of the cases previously analysed). Article 8 of the same Agreement then provides for a period of up to 10 years of overall data retention for serious transnational crimes and 15 years for terrorist crimes.

  48. 48.

    Proposal for a Council Decision on the conclusion of an Agreement between the European Community and the Government of Canada on the processing of Advance Passenger Information (API)/Passenger Name Record (PNR) data, COM(2005) 200.

  49. 49.

    EC–Canada Agreement on passenger data. European Parliament legislative Resolution on the proposal for a Council decision on the conclusion of an Agreement between the European Community and the Government of Canada on the processing of Advance Passenger Information (API)/Passenger Name Record (PNR) data (COM(2005) 200-C6-0184/2005-2005/0095(CNS)), OJEC C 157E, 6.7.2006, p. 464.

  50. 50.

    Council Decision 2006/230/EC of 18 July 2005 on the conclusion of an Agreement between the European Community and the Government of Canada on the processing of API/PNR data, OJEC L 82, 21.3.2006, p. 14.

  51. 51.

    Commission Decision 2006/253/EC of 6 September 2005 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency (notified under document number C(2005) 3248), OJEC L 91, 29.3.2006, p. 49.

  52. 52.

    Commitments by the Canada Border Service Agency in relation to the application of its PNR program, Annex to Commission Decision 2006/253/EC, OJEC L 91, 29.3.2006, p. 53.

  53. 53.

    Under Canadian law, the requirements for personal data contained in the PNR of air passengers to be transferred to the CBSA, are based on Section 107.1 of the Customs Act, on the (Passenger Information (Customs) Regulations, on paragraph 148(d) of the Immigration, on Refugee Protection Act and upon Article 269 of the Immigration and on Refugee Protection Regulations).

  54. 54.

    Commission Decision 2006/253/EC of 6 September 2005 on the adequate protection of personal data contained in the Passenger Name Record of air passengers transferred to the Canada Border Services Agency (notified under document number C(2005) 3248), cit.

  55. 55.

    The Privacy Act took effect on 1 July 1983 and gives individuals the right to access and request correction of personal information about themselves held by the federal government organizations. For further information, see http://www.priv.gc.ca/leg_c/leg_c_a_e.asp.

  56. 56.

    Article 7 of Decision 2006/253/EC provides that the Decision should expire 3.5 years after its notification, unless extended.

  57. 57.

    Passenger Name Record (PNR) European Parliament Resolution of 5 May 2010 on the launch of negotiations for Passenger Name Record (PNR) agreements with the United States, Australia and Canada, 70, cit.

  58. 58.

    EU external strategy on Passenger Name Record (PNR). European Parliament Resolution of 11 November 2010 on the global approach to transfers of passenger name record (PNR) data to third countries, and on the recommendations from the Commission to the Council to authorise the opening of negotiations between the European Union and Australia, Canada and the United States, OJEU C 74E, 13.3.2012, p. 8.

  59. 59.

    Proposal for a Council Decision on the signature of the Agreement between Canada and the European Union on the transfer and processing of Passenger Name Record data, COM(2013) 529 final.

  60. 60.

    COM(2013) 529 final, cit.

  61. 61.

    On this point, see Chap. 3, Sect. 3.1.

  62. 62.

    The Article also defines the concept of ‘terrorist entity’ as: ‘(i) a person, a group, or an organization that has as one of its purposes or activities facilitating or carrying out an act or omission that is a terrorist offence; or ‘(ii) a person, a group, or an organization that knowingly acts on behalf of, at the direction of or in association with such a person, group or organization in (i)’. The definition of a terrorist entity represents an innovation compared to the Agreements in force with Australia and Canada. Article 3 of the Agreement with Australia, despite describing terrorist crimes similarly to the Canada Agreement of 2013, never mentions the term ‘terrorist entity’. Neither does the EU–USA Agreement of 2011, which in Article 4 also limits itself to giving examples of the type of conduct that may constitute a terrorist offence.

  63. 63.

    Article 16.3 of the Agreement provides that: ‘(a) Canada shall depersonalize through masking the names of all passengers 30 days after Canada receives the PNR data. (b) Two years after Canada receives the PNR data, Canada shall further depersonalize through masking the following: (i) other names on PNR, including number of travellers on PNR; (ii) all available contact information (including originator information); (iii) general remarks including other supplementary information (OSI), special service information (SSI) and special service request (SSR) information, to the extent that it contains any information capable of identifying a natural person; and (iv) any advance passenger information (API) data collected for reservation purposes to the extent that it contains any information capable of identifying a natural person.’ Regarding this provision, Paragraph 4 of the same Article provides for a derogation to PNR data masking to carry out investigations under the scope of Article 3 of the Agreement.

  64. 64.

    See Article 16(5) of the Agreement.

  65. 65.

    The ‘Bermuda I Agreement between the government of the United Kingdom and the government of the United States relating to Air Services between their respective Territories, Bermuda, 11 February 1946’ played an important role at international level. For the first time competition, capacity, fares and rates were subject to express regulation. In particular in the matter of rates and fares the operators’ power of initiative was provided for, with the involvement of IATA (International Air Transportation Association), together with programming and control on the part of the public authorities (double approval of fares on the part of the two governments). This agreement was then replaced by a new agreement in 1977, due to the changed economic conditions compared to 1946. The bilateral agreements inspired by the Bermuda model had in fact given rise to imbalances in the competition. The global economic recession of the 1970s raised the tariff levels of regular carriers to the advantage of charter flights. The ‘Bermuda II Agreement’ therefore had a substantially more protectionist approach, considerably expanding the power of intervention of public authorities in determining fares and rates. Mention must also briefly be made of the deregulation process, which occurred in the United States of America, always in the 1970s, with the adoption of the ‘Deregulation Act’ of 1978. With the enactment of this new legislative act the United States in subsequent bilateral agreements abolished an excess of public intervention in many sectors of the economy. In the sector of aviation transport the so-called ‘open sky’ or liberal agreements provided for the double disapproval clause, under which tariffs proposed by carriers can be refused only with the negative assessment of both the concerned governments.

  66. 66.

    This happened in three phases, with the adoption of the same number of packages: in 1987, 1990, and between 1992 and 1997. The first phase of the liberalization was characterised by the adoption of two Regulations and one Directive: Council Regulation (EEC) No 3975/87 of 14 December 1987 laying down the procedure for the application of the rules on competition to undertakings in the air transport sector; Council Regulation (EEC) No 3976/87/EEC of 14 December 1987 on the application of Article 85(3) of the Treaty to certain categories of agreements and concerted practices in the air transport sector; Council Directive 87/601/EEC of 14 December 1987 on fares for scheduled air services between Member States, OJEC L 374, 31.12.1987, p. 1 et seq.

  67. 67.

    The second phase consisted in the adoption of three Regulations: Council Regulation (EEC) No 2342/90/EEC of 24 July 1990 on fares for scheduled air services; Council Regulation (EEC) No 2343/90 of 24 July 1990 on access for air carriers to scheduled intra-Community air service routes and on the sharing of passenger capacity between air carriers on scheduled air services between Member States; Council Regulation (EEC) No 2344/90 of 24 July 1990 amending Regulation (EEC) No 3976/87 on the application of Article 85(3) of the Treaty to certain categories of agreements and concerted practices in the air transport sector, OJEC L 217, 11.8.1990, p. 1 et seq.

  68. 68.

    The package entered into force on 1 January 1993 and comprises five Regulations: Council Regulation (EEC) No 2407/92 of 23 July 1992 on licensing of air carriers; Council Regulation (EEC) No 2408/92 of 23 July 1992 on access for Community air carriers to intra-Community air routes; Council Regulation (EEC) No 2409/92 of 23 July 1992 on fares and rates for air services; Council Regulation (EEC) No 2410/92 of 23 July 1992 amending Regulation (EEC) No 3975/87 laying down the procedure for the application of the rules on competition to undertakings in the air transport sector; Council Regulation (EEC) No 2411/92 of 23 July 1992 amending Regulation (EEC) No 3976/87 on the application of Article 85(3) of the Treaty to certain categories of agreements and concerted practices in the air transport sector, OJEC L 240, 24.8.1992, p. 1 et seq.

  69. 69.

    Commission, Completion of the EC civil aviation policy in anticipation of the Common Market, Proposal for a Council Regulation (EEC) on fares and rates for air services, COM(91) 275 def., OJEC C 258, 4.10.1991, p. 15.

  70. 70.

    Regulation (EC) No 1008/2008 of the European Parliament and of the Council of 24 September 2008 on common rules for the operation of air services in the Community (Recast), OJEC L 293, 31.10.2008, p. 3.

  71. 71.

    Judgment in Case C-112/11 ebookers.com Deutschland GmbH v Bundesverband der Verbraucherzentralen und Verbraucherverbände—Verbraucherzentrale Bundesverband eV [2012] not yet published in the Reports.

  72. 72.

    Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights, amending Council Directive 93/13/EEC and Directive 1999/44/EC of the European Parliament and of the Council and repealing Council Directive 85/577/EEC and Directive 97/7/EC of the European Parliament and of the Council, OJEU L 304, 22.11.2011, p. 64.

  73. 73.

    On 23 January 2014, in Case C-487/12 Vueling Airlines, (pending), Advocate General Yves Bot delivered an Opinion as to whether air carriers could charge for checking passenger’s baggage in the form of an optional price supplement in accordance with EU law. In August 2010 Vueling Airlines added a surcharge of EUR 40 to the base price ticket purchased by Ms Arias Villegas when she checked in two pieces of baggage online. Ms Arias Villegas therefore decided to lodge a complaint because she was convinced that the contract of carriage by air concluded with that undertaking contained an unfair term. The ‘Instituto Galego de Consumo de la Xunta de Galicia’ (consumer body established by the Autonomous Community of Galicia) imposed an administrative fine on the air carrier. Spanish legislation prohibits air carriers from charging for checking in passengers’ baggage in the form of an optional supplement price. Subsequently, a reference was made to the European Court of Justice on the compatibility of Spanish legislation with the principle of pricing freedom as laid down in EU Law (Article 22(1) of Regulation (EC) No 1008/2008) by the Juzgado de lo Contencioso-Administrativo No 1 de Ourense (Court for Contentious Administrative Proceedings, Ourense, Spain). In his Opinion, the Advocate General proposed that the Court should answer that EU law allows air carriers pricing freedom in respect of all commercial services associated with the performance on the contract of carriage by air, including services such as checking in baggage. EU law seeks on the one hand, to avoid a distortion of competition arising from different application of the rules at national level, whilst, on the other enabling consumers to compare effectively the prices of air services. Thus, the Spanish legislation was clearly not compatible with EU law. Furthermore, the Advocate General recalled that air carriers must inform customers in a clear, transparent and unambiguous way, at the start of the booking process, about the detailed rules for pricing relating to supplement services, on an opt-in basis, in accordance with the ECJ’s judgment in Case C-112/11 ebookers.com Deutschland GmbH, cit.

  74. 74.

    Council Regulation (EEC) No 2299/89 of 24 July 1989 on a code of conduct for computerized reservation systems, OJEC L 220, 29.7.1989, p. 1.

  75. 75.

    Regulation (EC) No 80/2009 of the European Parliament and of the Council of 14 January 2009 on a Code of Conduct for computerised reservation systems and repealing Council Regulation (EEC) No 2299/89, OJEC L 35, 4.2.2009, p. 47.

  76. 76.

    An instance is the accident that occurred in September 1998, when Swissair Flight 111, which was a code-share flight with Delta Air Lines, crashed into the Atlantic Ocean off the coast of Nova Scotia, Canada. 229 people lost their lives in the accident. The accident gave rise to much debate on the absence of ad hoc legislation of the oversight of safety standard for carriers operating code-share flights, compared to the regulations enacted by the American FAA. More recently, on 2 February 2013, an ATR-72 of the Rumanian carrier Carpatair, landing at Leonardo da Vinci airport in Fiumicino, Rome, went off the runway because of the strong wind. Of the 50 occupants, comprising 4 crew members and 46 passengers, 22 were injured, two of them seriously. In this case, too, there was much argument about the Italian flagship carrier Alitalia (for which Carpatair was operating the flight) having failed to inform the passengers of the operating carrier who would be effectively operating the flight and having, astonishingly, shorn the aircraft of its logo on the night immediately following the accident, to avoid suffering additional damage to its image. On the former accident, see http://aviation-safety.net/database/record.php?id=19980902-0. For additional information on the Fiumicino accident see http://aviation-safety.net/database/record.php?id=20130202-0. On 23 November 2013, Alitalia was ordered to pay a penalty of 45,000 Euros for unfair practice, namely for omitting to inform its passenger about the actual carrier which was operating the flight. For additional information see http://www.corriere.it/economia/13_novembre_22/alitalia-multa-scontata-crisi-antitrust-affitto-atr-72-carpatair-8bc5602a-5391-11e3-91e0-82492dd09bca.shtml. Finally, as mentioned above, on 24 July 2014, Air Algérie Flight AH5017, operated by a MD83 leased from Spanish airline Swiftair for the summer season, crashed in the area of Gossi, Mali. All passengers and crew died in the accident. 80 occupants of the aircraft were European Union citizens. On this event see Chap. 2, Sect. 2.1.

  77. 77.

    Under ‘IATA Passenger Service Conference Resolution n. 762’, each airline is assigned an identification code (IATA reservation code or IATA airline designator) composed of either two or three letters. The airline will then add a number of supplementary digits to identify each single flight. For instance, the two letters that identify the Italian flagship carrier Alitalia are AZ.

  78. 78.

    Numerous carriers that avail themselves of code-share agreements with air carriers are part of the same commercial alliances. For instance, air carrier Alitalia, part of the commercial alliance ‘SkyTeam’, offers air carriage sport services in code-share with Delta, Air France, KLM, China Airlines and others carriers, who are all in the commercial alliance. Moreover it has additional code-share agreements with third air carriers, such as Carpatair, Etihad Airways, Tap Portugal and Luxair; British Airways, within its commercial alliance ‘One World’ has code-share agreements with, amongst others, Iberia, American Airlines and Japan Airlines. Also Lufthansa, a member of the commercial alliance ‘Star Alliance’ has, amongst others, a code-share agreement with Air China. See http://corporate.alitalia.it/en/agreements-and-alliances/code-sharing-agreements/code-sharing-agreements.html; http://www.oneworld.com/member-airlines/british-airwaysc; and http://www.lufthansagroup.com/en/company/alliances/partner-airlines.html.

  79. 79.

    ICAO, Doc Circular 269-AT/10, Implications of Airline Code Sharing, Montreal, 1997.

  80. 80.

    ICAO, Doc. 9626, Manual on the Regulation of International Air Transport, Montreal, 2004.

  81. 81.

    Regulation (EC) No 1008/2008, Article 2(24), defines a ‘dry lease agreement’ as ‘an agreement between undertakings pursuant to which the aircraft is operated under the AOC of the lessee’.

  82. 82.

    Regulation (EC) No 1008/2008, Article 2(2) defines ‘wet lease agreement’ as ‘an agreement between air carriers pursuant to which the aircraft is operated under the AOC of the lessor’.

  83. 83.

    Convention for the Unification of Certain Rules for International Carriage by Air, (Montreal, 28 May 1999), cit.

  84. 84.

    The 1929 Warsaw Convention, in its original version, did not provide for the case in which the air carriage service was operated not by the contracting carrier but by the actual carrier. The Warsaw Convention was subsequently supplemented by the Guadalajara Convention of 18 September 1961, on international carriage by air performed by a person other than the contracting carrier. The latter convention, despite having received the approval and ratification by several States (enough for it to enter into force), was not, for instance, ratified by the United States, which being a common law system required a clarification on the identification of carriers falling under the Warsaw Convention. The Guadalajara Convention provided for the extension to the actual carrier (defined, in Article 1(c) by the Convention as meaning a person other than the contracting carrier, who, by virtue of authority from the contracting carrier, performs the whole or part of an international carriage) of the liability provided for under the Warsaw Convention (as amended by The Hague Protocol of 1955), limited to the contract performed (Article 2), without prejudice to the responsibility of the contracting carrier for the acts and omissions of the actual carrier and its servants and agents (Article 3). Any complaint to be made or order to be given to the carrier can be addressed, at the option of the plaintiff, to the contracting carrier or to the actual carrier. The Guadalajara Convention represents the first uniform legal text that expressly provides that passengers may take legal action against the actual carrier.

  85. 85.

    See Articles 17(1) and 22(1) of the Montreal Convention on liability of the carrier and the extent of compensation for damage in the case of death or injury of passengers.

  86. 86.

    Article 45 of the Montreal Convention (Addressee of Claims) provides that: ‘In relation to the carriage performed by the actual carrier, an action for damages may be brought, at the option of the plaintiff, against that carrier or the contracting carrier, or against both together or separately. If the action is brought against only one of those carriers, that carrier shall have the right to require the other carrier to be joined in the proceedings, the procedure and effects being governed by the law of the court seized of the case’.

  87. 87.

    Article 46 of the Montreal Convention (Additional Jurisdiction) provides that: ‘Any action for damages contemplated in Article 45 must be brought, at the option of the plaintiff, in the territory of one of the States Parties, either before a court in which an action may be brought against the contracting carrier, as provided in Article 33, or before the Court having jurisdiction at the place where the actual carrier has its domicile or its principal place of business’.

  88. 88.

    IATA, Recommended Practice 1724 on General Conditions of Carriage, 1999.

  89. 89.

    Regulation (EC) No 1008/2008 of the European Parliament and of the Council of 24 September 2008 on common rules for the operation of air services in the Community (Recast), cit.

  90. 90.

    Articles 13 and 15 of Regulation (EC) No 1008/2008, cit.

  91. 91.

    See Communication from the Commission to the European Parliament and the Council ­Protection of air passengers in the European Union of 21 June 2000, COM(2000) 365 final. In this communication, the Commission, after careful study of the applicability of safety standards to ­code-share agreements, points out that ‘[i]t would be quite unacceptable for code-sharing to lead to passengers suffering lower levels of safety on the flights of partner airlines from third countries than on those of Community carriers. There are calls for airlines to be required to audit the safety of code-share partners, particularly carriers from third countries’. The Commission then put forward that ‘[a]t present, Regulation (EEC) 2407/92 provides that airlines must obtain prior approval for leasing of aircraft, which cannot be given in the case of leasing with crew unless safety standards equivalent to those of the Community apply. The Commission holds that these provisions apply to code-sharing and franchising, as well as to subcontracting, and will recall these ­obligations to Member States’. This guideline was subsequently made law, as has been stated, by Article 13 of Regulation (EC) No 1008/2008, which repealed Regulation (EEC) No 2407/92. The new Article actually provides for aircraft leasing, but it could be argued that, since the Commission’s guidelines have not changed, these rules also apply to code-share agreements.

  92. 92.

    Council Regulation (EEC) No 2299/89 of 24 July 1989 on a code of conduct for computerized reservation systems, cit.

  93. 93.

    Council Regulation (EC) No 323/1999 of 8 February 1999 amending Regulation (EEC) No 2299/89 on a code of conduct for computer reservation systems (CRSs), cit.

  94. 94.

    Communication from the Commission to the European Parliament and the Council Protection of air passengers in the European Union, cit.

  95. 95.

    Regulation (EC) No 2111/2005 of the European Parliament and of the Council of 14 December 2005 on the establishment of a Community list of air carriers subject to an operating ban within the Community and on informing air transport passengers of the identity of the operating air carrier, and repealing Article 9 of Directive 2004/36/EC, cit.

  96. 96.

    Regulation (EC) No 80/2009 of the European Parliament and of the Council of 14 January 2009 on a Code of Conduct for computerised reservation systems and repealing Council Regulation (EEC) No 2299/89, cit.

  97. 97.

    Point 10 of Annex I to Regulation (EC) No 80/2009 provides that: ‘[w]here air carriers operate under code-share arrangements, each of the air carriers concerned—not more than two—shall be allowed to have a separate display using its individual carrier-designator code. Where more than two air carriers are involved, the designation of the two carriers shall be a matter for the carrier actually operating the flight’.

  98. 98.

    Article 5(3) of Regulation (EU) No 80/2009 provides that: ‘[f]lights operated by air carriers subject to an operating ban pursuant to Regulation (EC) No 2111/2005 of the European Parliament and of the Council of 14 December 2005 on the establishment of a Community list of air carriers subject to an operating ban within the Community and on informing air transport passengers of the identity of the operating air carrier must be clearly and specifically identified in the display’.

  99. 99.

    Article 5(4) of Regulation (EU) No 80/2009 provides that: ‘[t]he system vendor shall introduce a specific symbol in the CRS display which shall be identifiable by the users for the purposes of the information on the identity of the operating air carrier provided for under Article 11 of Regulation (EC) No 2111/2005’. For Regulation (EC) No 2111/2005, see Sect. 2.5 of Chap. 2.

Essential Bibliography

  • Abeyratne, R. 2010. Negligent entrustment of leased aircraft and crew: Some legal issues. Air and Space Law 35(1): 33–44.

    Google Scholar 

  • Bochon, A. 2013. Case ebookers.com Deutschland: Opt in procedure and price transparency of optional supplements in the air sector. Revue européenne de droit de la consummation: 101–111.

    Google Scholar 

  • Boehm, F. 2010. Tit for tat: Europe’s revenge for the Canadian and US-American PNR systems?: The envisaged European model of analyzing flight passenger data. ERA-Forum 11(2): 251–261.

    Article  Google Scholar 

  • Boehm, F. 2011. EU PNR: European flight passengers under general suspicion: The envisaged European model of analyzing flight passenger data. Computers, Privacy and Data Protection: 171–199.

    Google Scholar 

  • Botta, M.-Cunha, V. 2010. La protezione dei dati personali nelle relazioni tra UE e USA, le negoziazioni sui trasferimento dei PNR. Il diritto dell’informazione e dell’informatica 26(2): 315–341.

    Google Scholar 

  • Conti, C. 2001. Code-sharing and air carrier liability. Air and Space Law 26(1): 4–19.

    Article  Google Scholar 

  • Cotura, S. 2011. Cooperation between the European Union and the United States regarding international security: PNR and SWIFT. International Institutions and Co-operation (1): 277–300.

    Google Scholar 

  • De Groot, J.E.C. 1994. Code-sharing: United States’ policies and the lessons for Europe. Air and Space Law 19(2): 62–64.

    Google Scholar 

  • Dirrig, E. 2006. La jurisprudence de la Cour de justice et du Tribunal de première instance. Chronique des arrêts. Arrêt’Passenger Name Records’, Revue du droit de l’Union européenne: 698–702.

    Google Scholar 

  • Faull, J. 2011. The role of the European Commission in tackling terrorism: The example of passenger name records. A constitutional order of States?: Essays in EU law in honour of Alan Dashwood, 609. Oxford: Hart Publishing.

    Google Scholar 

  • Franklin, M. 1999. Code-sharing and passenger liability. Air and Space Law 24(3): 128–133.

    Google Scholar 

  • Friedmann, G. 2011. Price transparency requirements of the EC air services regulation 2008. Air and Space Law 36(1): 71–77.

    Google Scholar 

  • Galli, F. 2010. Passenger name record agreements: The umpteenth attempt to anticipate risk. Eucrim (3): 124–127.

    Google Scholar 

  • Guerreri, G. 2001. Liability in contract and tort under aircraft lease agreement. Air and Space Law 26(1): 56–58.

    Article  Google Scholar 

  • Gunther, K. 1997. Legal implications of code-sharing services: A German perspective. Air and Space Law 22(1): 8–12.

    Google Scholar 

  • Heilbronn, G.-Von Nessen, P. 2009. Airline and aviation industry information retention: Problems for privacy law proposals on data breach notification in Australia. Air and Space Law 34(4–5): 261–284.

    Google Scholar 

  • Margo, R. 1996. Aircraft leasing: The airline’s objectives. Air and Space Law 21(4–5): 166–174.

    Google Scholar 

  • Mendes de Leon, P. 2006. The fight against terrorism through aviation: Data protection versus data protection. Air and Space Law 36(4–5): 320–330.

    Google Scholar 

  • Michel, V. 2006. La dimension externe de la protection des données à caractère personnel: Acquiescement, perplexité et frustration. Revue trimestrielle de droit européen: 549–555.

    Google Scholar 

  • Moffa, B.-Angel, M. 2008. Hacia un difícil equilibrio entre privacidad y seguridad: La conservación de datos en las comunidades electrónicas y la transferencia de datos de pasajeros por las companies aéreas. Revista española de derecho administrativo 137: 31–55.

    Google Scholar 

  • Nieto Garrido, E. 2005. El transporte aéreo de personas y la transmisión de susdatos. La seguridad integral europea: 279–290.

    Google Scholar 

  • Patton, C. 2008. No man’s land: The E.U.-U.S. passenger name record agreement and what it means for the European Union’s pillar structure. The George Washington International Law Review 40(2): 527–551.

    Google Scholar 

  • Pauvert, B. 2005. La difficile conciliation de la sûreté aérienne et du respect des libertés individuelles? La sécurité et la sûreté des transports aériens. (in particular) 81–95. Paris: L’Harmattan.

    Google Scholar 

  • Pedilarco, E. 2006. Protezione dei dati personali: La Corte di giustizia annulla l’accordo Unione europea-Stati Uniti sul trasferimento dei dati dei passeggeri aerie. Diritto pubblico comparato ed europeo Vol (3): 1225–1231.

    Google Scholar 

  • Peeters, M. 2009. The new EC regulation on computer reservation systems. Air and Space Law 34(4–5): 227–252.

    Google Scholar 

  • Perrin, S. 2009. Quel cadre juridique pour de futurs accords ‘PNR’ après le traité de Lisbonne? Union européenne et sécurité: 163–182.

    Google Scholar 

  • Roos, H.B.-Sneek, N.W. 1997. Some remarks on predatory pricing and monopolistic competition in air transport. Air and Space Law 22(3): 154–157.

    Google Scholar 

  • Rossi Dal Pozzo, F. 2008. Servizi di trasporto aereo e diritti dei singoli nella disciplina comunitaria. (in particular) 168–182. Milano: Giuffre.

    Google Scholar 

  • Ruttley, P. 2005. Stormy skies ahead: The new EC regulation against unfair pricing in the aviation sector. International Trade Law & Regulation 11(2): 43–52.

    Google Scholar 

  • Tiberti, G. 2006. L’accordo tra la Comunità europea e gli Stati Uniti sulla schedatura elettronica dei passeggeri aerei al vaglio della Corte di giustizia. Quaderni costituzionali 4: 824–829.

    Google Scholar 

  • Van Bakelen, F.A. 1988. Aviation wizards: Terminal hazards; airlines’ computerized reservation systems (C.R.S.): A benefit or a burden? Air and Space Law 13(2): 77–91.

    Google Scholar 

  • Wouters, M. 2011. Simplification of the European code of conduct for computer reservation systems (CRS). Air and Space Law 36(1): 49–61.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dipartimento di Diritto pubblico italiano e sovranazionale – Department of Italian and Supranational Public Law, Università degli Studi di Milano – University of Milan, Milan, Italy

    Francesco Rossi Dal Pozzo

Authors
  1. Francesco Rossi Dal Pozzo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Francesco Rossi Dal Pozzo .

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Rossi Dal Pozzo, F. (2015). The Protection of the Right to Privacy in the Context of Security and Commercial Practices. In: EU Legal Framework for Safeguarding Air Passenger Rights. Springer, Cham. https://doi.org/10.1007/978-3-319-08090-1_5

Download citation

Publish with us

Policies and ethics

Search

Navigation